You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/docs/reference/spec/migration/platform-api-0.10-0.11.md
+5-3Lines changed: 5 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -14,16 +14,18 @@ See the [spec release](https://github.com/buildpacks/spec/releases/tag/platform%
14
14
15
15
In Platform 0.11, the lifecycle ships with standardized SBOM files describing the `lifecycle` and `launcher` binaries
16
16
(these are included in the tarball on the GitHub release page and within the image at `index.docker.io/buildpacksio/lifecycle:<version>`).
17
-
SBOM files describing the `launcher` are included in the application image at `<layers>/sbom/launch/buildpacksio_lifecycle/launcher/sbom.<ext>`,
17
+
18
+
After a build, SBOM files describing the `launcher` are included in the application image at `<layers>/sbom/launch/buildpacksio_lifecycle/launcher/sbom.<ext>`,
18
19
where `<ext>` is each of: `cdx.json`, `spdx.json`, and `syft.json`.
19
20
Additionally, SBOM files describing the `lifecycle` are copied to `<layers>/sbom/build/buildpacksio_lifecycle/sbom.<ext>`,
20
21
where they may be saved off by the platform prior to the build container exiting.
21
22
22
23
This mirrors what is already being done as of Platform 0.8 for buildpack-provided standardized SBOM files,
23
24
which are exported to `<layers>/sbom/launch/<buildpack-id>/<layer>/sbom.<ext>` (for runtime dependencies)
24
25
and copied to `<layers>/sbom/launch/<buildpack-id>/sbom.<ext>` (for build-time dependencies).
25
-
Platforms that are already handling these files should not need to take additional action -
26
-
the resulting SBOMs will simply be more complete.
26
+
27
+
To use this feature, no additional action is required from platforms that are already handling buildpack-provided SBOM files.
28
+
The SBOMs for the image will simply be more complete.
27
29
28
30
### The rebaser accepts a -previous-image flag to allow rebasing by digest reference
Copy file name to clipboardExpand all lines: content/docs/reference/spec/migration/platform-api-0.11-0.12.md
+6-1Lines changed: 6 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -57,19 +57,24 @@ If `-force` is not provided,
57
57
58
58
In Platform 0.12, extensions can be used to extend not only build-time base images, but runtime base images as well.
59
59
60
+
#### During build
61
+
60
62
To use the feature, platforms should:
61
63
* Invoke `analyzer` as usual for Platform 0.12
62
64
* Invoke `detector` with the `-run` flag, to specify the location of a `run.toml` file containing run image information
63
65
* When extensions switch the run image, this is used to log a warning if the new run image is not a known run image
64
66
* Invoke `restorer` with the `-dameon` flag (newly added in this Platform API version) if the export target is a daemon
65
67
* When extensions switch the run image, the `restorer` must re-read target data from the new run image in order to provide this information to buildpacks; if `-daemon` is provided the `restorer` will look for the run image in a daemon instead of a registry
66
68
* When extensions extend the run image, the `-daemon` flag has no effect as the `restorer` must be able to pull the run image manifest from a registry
67
-
* Invoke `extender` as usual to extend the builder image (see [migration guide](TODO) for Platform 0.10)
69
+
* Invoke `extender` as usual to extend the builder image (see [migration guide](/docs/reference/spec/migration/platform-api-0.9-0.10/index.html) for Platform 0.10)
68
70
* Inspect the contents of `analyzed.toml` - if `run-image.extend` is `true` we must run the `extender` on the run image
69
71
* Using the **run image** as the basis for the container, invoke `extender` with flags `-kind run` and `-extended <extended dir>`
70
72
*`<extended dir>` is the directory where layers from applying each `run.Dockerfile` to the run image will be saved for use by the `exporter`; it defaults to `<layers>/extended`
73
+
* Run image extension may be done in parallel with builder image extension
71
74
* Invoke `exporter` with the `-extended` flag
72
75
76
+
#### After build
77
+
73
78
Note that unlike buildpack-provided layers, layers from extensions may NOT be safe to rebase.
74
79
The `io.buildpacks.rebasable` label on the exported application image will be `false` if rebase is unsafe.
75
80
The `-force` flag must be provided to the `rebaser` in order to rebase images with unsafe extension layers,
0 commit comments